Internet and Mobile (Lack of) Security News 5/16 through 5/19/2011

Selected/Aggregated from E-Secure-IT

This Free IT-Security news feed is provided by E-Secure-IT; the most comprehensive and complete Business Risk Management Intelligence Service and IT-Security Risk and Threat Early Warning Service available in the market today. Visit us at www.e-secure-it.com or email more-info@e-secure-it.com for more information on our available services.

Australia Credit card fraud: '57c for every $1k' (from ITNews at 19-5-2011) The Australian Institute of Criminology has revealed that fraud accounted for 57.15 cents of every $1,000 transacted using credit and charge cards in 2009. The institute said in a report that credit card fraud had increased 55 percent since 2006, when it accounted for only 36.93 cents in every $1,000 transacted. By comparison, the institute saw only a slight increase in debit card-related fraud, while cheque fraud continued its long-term decline.... read more»

Canada is the new global phishing hotspot (from IT Business at 19-5-2011) Canadian Internet users beware: according to research from global security vendor Websense, our home and native land is now the number two country in the world to host phishing sites. Research conducted by Websense between January and May of this year found that Canada climbed up to second, up from 13th last year, on the list of countries hosting malicious content. The number one spot went to the U.S., with Egypt coming in third, Germany in fourth, the U.K. in fifth, the Netherlands in sixth,... read more»

How to stay safe on Sony's PlayStation Network (from CNet at 19-5-2011) If you are a Sony PlayStation Network (PSN) customer you are probably getting a little paranoid. First there was the data breach from last month that exposed customer data and forced Sony to take the network down. And now, just days after Sony got the service back up and running, it has taken the PSN password reset service offline because it was allowing people to change other customers' passwords if they knew their e-mail address and birth date--information that was stolen in the attack.... read more»

Virus-free honeymoon over / Smartphones' global rise exposes long-secluded mobile network (from Yomiuri at 19-5-2011) A computer virus that allows unauthorized third-party access to stored data has infected smartphones in Japan, industrial sources said, the first time such a case has been confirmed in this country. Devices were found to have been infected by the virus in February and March, the sources said. Smartphones use operating systems--such as Apple's iOS and Google's Android--that are common to all markets globally, unlike conventional cell phones sold in Japan. This means smartphone viruses could... read more»

Malware rose by 46pc in Q1, Cisco report shows (from Silicon Republic at 19-5-2011) The number of unique malware types on the web increased by 46pc between January and March of this year, a new security report suggests. Ciscos Global Threat Report, which covers the first quarter of 2011, found 105,536 instances of unique web malware in March 2011 compared to January 2011 when there were 72,294 instances of unique web malware. Business users experienced an average of 274 web malware encounters per month during Q1, up 103pc compared to 2010.... read more»

IT industry news: Malware 'must be dealt with fast' (from computeach at 19-5-2011) Businesses must act quickly to tackle malware, according to Richard Moffitt, consultant systems engineer at Trusteer. "What we're finding is that attacks happen very quickly it's an automated process, [and] there are toolkits that allow fraudsters to generate new pieces of malware in minutes," he continued.... read more»

Six rising threats from cybercriminals (from Computer World at 19-5-2011) Hackers never sleep, it seems. Just when you think you've battened down the hatches and fully protected yourself or your business from electronic security risks, along comes a new exploit to keep you up at night. It might be an SMS text message with a malevolent payload or a stalker who dogs your every step online. Or maybe it's an emerging technology like in-car Wi-Fi that suddenly creates a whole new attack vector.... read more»

Spam and Phishing Landscape: May 2011 (from Symantec at 19-5-2011) The unexpected raid and resulting death of Osama Bin Laden shocked the world. As always, spammers were quick to jump on this headline and send a variety of spam messages leveraging the event. The Fallout from the Death of Osama Bin Laden section includes samples of some of the spam monitored in different languages. The effect of the Rustock shutdown from the previous month continued this month. After falling 27.43 percent in March, the average daily spam volume fell another 5.35 percent in Ap... read more»

Hackers Increase Smartphone Attacks (from News In A Box at 19-5-2011) Reuters reports that there has been an increase in the number of smartphone hacking, which makes software giants and phone operators invest more and more in security. The increase in hacker attacks aiming at smartphones proves to be a difficult time for the software companies and the startups and telecom operators. But, on the other hand, hackers attacks seem to very profitable for the security providers. They create big business opportunities for companies that create antivirus programs, s... read more»

Is an 'alternate Internet' the only refuge from mounting threats? (from Government Computer News at 19-5-2011) The rapid adoption of mobile computing is creating vulnerabilities and threats faster than they are being addressed, a panel of industry and government experts said on May 18. Mobile is hot, and it will remain hot, said John Landwehr, Adobe Systems senior director of security solutions and strategy. Landwehr said that mobile, wireless access to the Internet is likely to surpass wired access as early as the end of this year, and most of mobile devices do not have the same level of security as ... read more»

How to stay safe on Sony's PlayStation Network (from CNet at 19-5-2011) If you are a Sony PlayStation Network (PSN) customer you are probably getting a little paranoid. First there was the data breach from last month that exposed customer data and forced Sony to take the network down. And now, just days after Sony got the service back up and running, it has taken the PSN password reset service offline because it was allowing people to change other customers' passwords if they knew their e-mail address and birth date--information that was stolen in the attack.... read more»

Virus-free honeymoon over / Smartphones' global rise exposes long-secluded mobile network (from Yomiuri at 19-5-2011) A computer virus that allows unauthorized third-party access to stored data has infected smartphones in Japan, industrial sources said, the first time such a case has been confirmed in this country. Devices were found to have been infected by the virus in February and March, the sources said. Smartphones use operating systems--such as Apple's iOS and Google's Android--that are common to all markets globally, unlike conventional cell phones sold in Japan. This means smartphone viruses could... read more»

Malware rose by 46pc in Q1, Cisco report shows (from Silicon Republic at 19-5-2011) The number of unique malware types on the web increased by 46pc between January and March of this year, a new security report suggests. Ciscos Global Threat Report, which covers the first quarter of 2011, found 105,536 instances of unique web malware in March 2011 compared to January 2011 when there were 72,294 instances of unique web malware. Business users experienced an average of 274 web malware encounters per month during Q1, up 103pc compared to 2010.... read more»

Say goodbye to era of Mac malware immunity (from MSNBC at 18-5-2011) You know you've finally arrived as a software platform when hackers start gunning for you. Such is the predicament that Apple's success has brought: Sophisticated malware has started to appear that's directed specifically at Apple machines. For years, security experts predicted that as Apple gained market share, cybercriminals would turn their attention from Windows machines toward Mac attacks. Now it appears to really be happening.... read more»

IT industry news: Malware 'must be dealt with fast' (from computeach at 19-5-2011) Businesses must act quickly to tackle malware, according to Richard Moffitt, consultant systems engineer at Trusteer. "What we're finding is that attacks happen very quickly it's an automated process, [and] there are toolkits that allow fraudsters to generate new pieces of malware in minutes," he continued.... read more»

Spam and Phishing Landscape: May 2011 (from Symantec at 19-5-2011) The unexpected raid and resulting death of Osama Bin Laden shocked the world. As always, spammers were quick to jump on this headline and send a variety of spam messages leveraging the event. The Fallout from the Death of Osama Bin Laden section includes samples of some of the spam monitored in different languages. The effect of the Rustock shutdown from the previous month continued this month. After falling 27.43 percent in March, the average daily spam volume fell another 5.35 percent in Ap... read more»

Hackers Increase Smartphone Attacks (from News In A Box at 19-5-2011) Reuters reports that there has been an increase in the number of smartphone hacking, which makes software giants and phone operators invest more and more in security. The increase in hacker attacks aiming at smartphones proves to be a difficult time for the software companies and the startups and telecom operators. But, on the other hand, hackers attacks seem to very profitable for the security providers. They create big business opportunities for companies that create antivirus programs, s... read more»

Mobile hacking sets off security gold rush (from ibnlive at 19-5-2011) Hackers are increasingly aiming attacks at smartphones, touching off a race among software giants, start-ups and telecom operators seeking to cash in on ways to help consumers protect themselves. As the previously fragmented smartphone market coalesces around big operating systems like Apple's iPhone and Google's Android, it has become a more attractive target for hackers seeking to maximize damage with one hit. That's creating a big business opportunity for everyone from traditional antiv... read more»

Android User Data Easily Stolen (from informationweek at 18-5-2011) The weak link when it comes to security on Android devices, say University of Ulm researchers, is the ClientLogin authentication protocol when used on open Wi-Fi networks. This tool is used to authenticate user account details with the Android Market and Google services. It passes the authToken via secured https connections. The problem is the returned authToken, which can remain valid for up to two weeks. When used on insecure http networks, hackers can sniff out the authToken and then use ... read more»

Reduce Your Android Security Risks (from informationweek at 18-5-2011) Hackers and criminals have been targeting Windows on the desktop for years simply because it is the biggest platform out there in terms of market share. You want to go after the biggest audience possible to increase your odds of success in finding a system that is unprotected. Now that smartphones are such a large market, with tens of millions of devices being sold and activated each quarter, the temptation is just too big to pass up.... read more»

So many users, so many devices, so many problems (from The Register at 18-5-2011) Mobile users are different to the home worker and they're all different to a branch worker, so how do you find out what they need and give it to them effectively. Finding out what end users want from their desktop and comparing it to what you think they need can be a sobering experience. Performance, fast access to data and the latest software are likely to be high on their list of requirements, while security and minimal management overhead will be high on yours.... read more»

Launching the U.S. International Strategy for Cyberspace (from Whitehouse at 17-5-2011) Today, I am proud to announce the United States first, comprehensive International Strategy for Cyberspace (pdf). The International Strategy is a historic policy document for the 21st Century one that explains, for audiences at home and abroad, what the U.S. stands for internationally in cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in our increasingly networked world. Today, Homeland Security Advisor John Brennan and I were joined by Secretary of ... read more»

AusCERT 2011: Eugene Kaspersky calls for Internet Interpol (from Computer World at 17-5-2011) With cybercrime now the second largest criminal activity in the world, measures such as the creation of an 'Internet Interpol' and better cooperation between international law enforcement agencies are needed if criminals are to be curtailed in the future, Kaspersky Labs founder and security expert, Eugene Kaspersky, has argued. Speaking at AusCERT 2011, the Moscow-based Kaspersky said the last five years had proved to be the "Golden Age" of cyber crime with the criminal activity now ranked se... read more»

Feds: Electronic medical records at risk (from Detnews at 17-5-2011) The nation's push to computerize medical records has failed to fully address longstanding security gaps that expose patients' most sensitive information to hackers and snoops, government investigators warn. Two reports released today by the inspector general of the Health and Human Services Department find that the drive to connect hospitals and doctors so they can share patient data electronically is being layered on a system that already has glaring privacy problems. Connecting it up could ... read more»

Geek.com Infects Visitors with Malware (from Softpedia at 17-5-2011) Attackers have managed to inject rogue IFrames into different portions of the site, both within articles and the site's main pages like home, about us, etc. According to Umesh Wanve, a senior security research engineer at Zscaler, there are multiple infections and the iframes take visitors to different malicious websites. One example is the rogue code injected into a May 13 article about Call of Duty: Modern Warfare 3 details being leaked, which redirects visitors to an exploit kit.... read more»

Cybercriminals Release Fake Microsoft Security Update (from securitynewsdaily at 16-5-2011) Internet criminals are hoping to make a quick buck today (May 10) by spoofing Microsoft's monthly security update with a fake bulletin of their own. The scam email is labeled "Urgent: Critical Security Update," and informs the recipient that Microsoft has issued a "high-priority" security fix for Windows, which can be downloaded via a link in the message, the security website Websense reports....

Hackers steal, publish Fox employee passwords (from Net-Security at 16-5-2011) A group of attackers who clearly have it in for Fox Broadcasting have managed to access a company server with hundreds of their employees' email usernames and passwords. Then they published the collected information on the Internet and invited people to use it to "ravage" online accounts that have the same login credentials:... read more»

Zeus Trojan's Source Code Leaked to Masses (from securitynewsdaily at 16-5-2011) The source code to the Zeus Trojan, a notorious piece of bank-account-stealing malware previously sold in underground cybercrime markets, is now out in the open and available for free download. "This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels," Peter Kruse from the security firm CSIS wrote. The Zeus code is being distributed in a .zip file; Kruse ran it in his lab, and said, "It wor... read more»

New Online Attacks Target Small Businesses (from securitynewsdaily at 16-5-2011) A small Internet service provider on British Columbia's picturesque Vancouver Island was hit by a distributed denial-of-service (DDoS) attack this week that disrupted Web use for thousands of customers. The attack heralds a shift in the size of organizations cyberattackers are now targeting. The attack hit Islandnet.com on Monday, and then resurfaced two days later in a "widespread, sustained way," that prevented customers, including a grocery store chain and the Vancouver Island Firefighters... read more»

How Cloud Computing is Aiming to Secure and Encrypt Data (from securitynewsdaily at 16-5-2011) Whether it's a Microsoft commercial telling you to take it to the cloud or you happen to work on some of the most cutting-edge computing issues in modern times, it's hard to escape cloud computing. The uses for cloud computing, in which companies or individuals can run applications on shared data centers, seems limitless. But theyre not. One of the constraints of cloud computing is that encrypted information cant be worked on within the cloud because theres no way to keep that data safe once ... read more»

Android Malware Jumps 400 Percent as All Mobile Threats Rise (from EWeek at 16-5-2011) Cyber-attackers are gunning for Googles Android as they take advantage of a user base that is unaware, disinterested or uneducated in mobile security, according to a recent research report. Malware developers are increasingly focusing on mobile devices, and Android malware has surged 400 percent since summer 2010, according to the Malicious Mobile Threats Report 2010/2011 released May 11. The increase in malware is a result of users not being concerned about security, large number of download... read more»

The UK Treasury is the most cyber-attacked Govt. department with one attack a day (from thenextweb at 16-5-2011) Googles Zeitgeist Conference is now in its sixth year, an event that draws together business leaders, politicians and some of the greatest thinkers across industry. And with the first day of the two-day event in Hertfordshire now well underway, Chancellor George Osborne revealed that Governmental departments were hit with over 20,000 emails from hostile intelligence agencies in the past year alone, in what the Chancellor referred to as pre-planned attacks.... read more»

UK Government under cyber-attack says Chancellor George Osborne (from Sophos at 16-5-2011) George Osborne MP, the UK's Chancellor of the Exchequer, has said that British government computers are on the receiving end of over 20,000 malicious email attacks every month. In a keynote address at the Google Zeitgeist event in London today, Osborne claimed that foreign intelligence agencies are responsible for many of the attacks, with the intention of stealing sensitive information....read more»

Cyber attacks present serious UK security risk (from ibtimes at 16-5-2011) Speaking at the Google Zeitgeist event in Hertfordshire, UK chancellor George Osborne highlighted the growing threat cyber crime is presenting the government in its attempts to make more public service data available online. Citing the current cyber attack tech giant Sony are suffering as an example of the growing problem, the chancellor claimed that in 2010 alone the government suffered at least one serious web-based attack on its computer systems a day -- threats which according to Osborne ... read more»

Time for America to Get Cyber-Serious (from heritage at 16-5-2011) The online threats facing America read like an ever-expanding encyclopedia of dangers to the freedoms, prosperity, and security of all Americans. Cybersecurity has become a crucial component of national security. Responses to cyber threats, however, have largely lagged because of a focus on technologies rather than the people behind the technologies. Cyber competition is just one instrument that Americas enemies are using to undermine the common defense. To meet these challenges, the United S... read more»

How security chief's bank details leaked (from The Age at 16-5-2011) Security firm Symantec's Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws. The security chief, Craig Scroggie, told of his experience at a Symantec roundtable discussion in Sydney last week which revealed the average cost of a data breach to Australian companies was $2 million. He said the government should implement Australian Law Reform Commissioner (... read more»

IU experts find flaws in US web protection plan (from Indiana Daily Student News at 16-5-2011) The White House proposed new cybersecurity legislation Thursday that aimed to protect the country against threats to the national infrastructure and the economy, but it was too small a step, according to IU cybersecurity experts. Fred Cate, a professor in the Maurer School of Law and the director of the Center for Applied Cybersecurity Research, said cybersecurity attacks are a huge problem in todays society.... read more»

Related articles

• Android Malware attacks up 400 per cent in a year (mobile-ent.biz)
• Cybercriminals targeting Canadian hosts: report (cbc.ca)
• Canada new breeding ground for cyber crime (financialpost.com)
• Silicon Alley Insider: Websense Seeks $1 Billion Sale With Help Of Qatalyst (WBSN) (businessinsider.com)
• A simple way to prevent credit card fraud? (news.ycombinator.com)
• PCI DSS: Preventing Credit Card Fraud [Jon Claiborne] (ecademy.com)
• How to stay safe on Sony PlayStation Network (news.cnet.com)
• PlayStation Network credit card info appears to be safe: 'No unauthorized activity relating to Sony' (massively.joystiq.com)
• Mobile Device Vulnerabilities at an all time high (brianpennington.co.uk)
• Mobile Malware Grew by 250% in 2010 (appscout.com)
• Android Malware Quadrupled in Six Months (comsecllc.blogspot.com)
• Mobile Device Security Threats at All Time High (webpronews.com)
• 400 Percent Increase In Android Malware; Mobile Security Threats At Record High (techcrunch.com)
• A short history of Android security issues (brianpennington.co.uk)
• 99.7 percent of Android devices vulnerable to Wi-Fi attack, says study (linuxfordevices.com)